Infected Seagate Hard Drives – Chinese subcontractors blamed for trojan horses
Posted on November 12th, 2007 in News & Events | 14 Comments »
Investigators say the tainted Maxtor portable hard disc, made by Seagate, uploads information saved on the computer automatically to Web sites in Beijing
A shipment of Maxtor external HDDs, produced in Thailand by US-based Seagate and sold in Taiwan, has been found to be infected with Autorun trojans designed to gather sensitive data from machines connected to the storage devices. According to local reports, the Taiwanese government suspects Chinese involvement, as the devices are commonly used in government operations to provide data storage. Large amounts of sensitive government data are thought to have been harvested and passed on to web-sites based in China.
Following findings by the Investigation Bureau that portable hard discs produced by US hard drive manufacturer Seagate Technology that were sold in Taiwan contained Trojan horse viruses, further investigations suggested that “contamination” took place when the products were in the hands of Chinese subcontractors during the manufacturing process.
Maxtor Basics Personal Storage 3200
On Saturday, Seagate Technology LLC, the manufacturer of the Maxtor portable hard drive, said on its Web site (www.seagate.com) that Maxtor Basics Personal Storage 3200 hard drives sold after August could be infected with the virus.
Anti-virus software manufacturer Kaspersky Labs also issued a similar warning. The hard drive has been temporarily pulled off the shelves and is no longer available for purchase…
—————–
If your Maxtor Basics Personal Storage 3200 unit is infected or to ensure that your unit is clear from this virus, install the latest virus definition list for your anti-virus software. As of October 2, 2007, 28 of the 32 anti-virus software titles have updated their virus definition list to include detect and clean this virus.
|
Antivirus |
Version |
Last Update |
Virus Name |
| AntiVir | 7.6.0.18 | 2007.10.01 | TR/Autorun.BK |
| Authentium | 4.93.8 | 2007.10.01 | (NOT UPDATED) |
| Avast | 4.7.1043.0 | 2007.10.01 | Win32:Autorun-U |
| AVG | 7.5.0.488 | 2007.10.01 | PSW.Generic4.TUP |
| BitDefender | 7.2 | 2007.10.02 | Win32.Worm.Autoruner.I |
| CAT-QuickHeal | 9.00 | 2007.10.01 | Worm.AutoRun.cn |
| ClamAV | 0.91.2 | 2007.10.02 | Trojan.Delf-1251 |
| DrWeb | 4.33 | 2007.10.01 | HLLW.Autoruner.175 |
| eSafe | 7.0.15.0 | 2007.10.01 | Virus.Win32.AutoRun. |
| eTrust-Vet | 31.2.5178 | 2007.10.01 | Win32/Rodvir!generic |
| Ewido | 4.0 | 2007.10.01 | (NOT UPDATED) |
| FileAdvisor | 1 | 2007.10.02 | (NOT UPDATED) |
| Fortinet | 3.11.0.0 | 2007.10.01 | OnLineGames.EO!tr.pws |
| F-Prot | 4.3.2.48 | 2007.10.01 | W32/Trojan.CDTB |
| F-Secure | 6.70.13030.0 | 2007.10.01 | Virus.Win32.AutoRun.ji |
| Ikarus | T3.1.1.12 | 2007.10.01 | Virus.Win32.AutoRun.bk |
| Kaspersky Lab | 7.0.0.125 | 2007.10.02 | Virus.Win32.AutoRun.ji |
| McAfee | 5131 | 2007.10.01 | PWS-LegMir |
| Microsoft | 1.2803 | 2007.10.02 | Worm:Win32/Rodvir.gen |
| NOD32v2 | 2563 | 2007.10.01 | PSW.OnLineGames.NBR |
| Norman | 5.80.02 | 2007.10.01 | W32/AutoRun.Z |
| Panda | 9.0.0.4 | 2007.10.01 | Trj/QQPass.AGZ |
| Prevx1 | V2 | 2007.10.02 | (NOT UPDATED) |
| Rising | 19.43.00.00 | 2007.10.01 | Trojan.Win32.Delf.ady |
| Sophos | 4.22.0 | 2007.10.01 | Mal/PWS-K |
| Sunbelt | 2.2.907.0 | 2007.10.02 | Win32.Worm.Autoruner.I |
| Symantec | 10 | 2007.10.01 | W32.Drom |
| TheHacker | 6.2.6.075 | 2007.10.01 | Trojan/Dropper.JI |
| VBA32 | 3.12.2.4 | 2007.10.01 | Virus.Win32.AutoRun.cn |
If you do not have any anti-virus software or if your anti-virus software hasn’t updated its virus definition list, then you can download and install this Kaspersky Lab Anti-Virus software application. Kaspersky Lab has provided Seagate customers a free 60-day fully-functional version of its Anti-Virus 7.0 software.
———————
Full story: TaipeiTimes.com
Seagate official release: Seagate.com
14 Responses
This is great that we’re being made aware of this, but someone should pressure Walmart, Staples, Best Buy, and Officemax to inform all the consumers who bought this unit from them.
“A shipment of Maxtor external HDDs [...] sold in Taiwan, has been found to be infected”.
Mr Magoo, I don’t think you are referring to the Taiwanese branches of these companies.
This was a spook move by China against Taiwan, and quite and effective one it seems. Well done them, and more fool any Govt who doesn’t roll their own SAN for storage.
does anyone know the url of either the seagate or the kaspersky announcement?
I cannot find either, leaving me wondering about the truth of this story. Reading the whole article on taipeitimes.com, the only quote I can find is attributed to an unnamed seagate spokesperson:
“This scenario seems unlikely because the 3200 does not have any software preloaded on the drive so there is not an opportunity for a virus to be loaded. Yes, the drive is formatted, but I have never heard of a virus that lives in the master boot record.”
which certainly doesn’t sound like a confirmation of the story.
Don’t people realize by now not to buy *anything* that was made in China? it will either kill you (or your pets or children) or steal your personal data. Sheesh….
Actually it’s a simple and a effective way in making money in killing or ruining someone else’s background.
Chinese Government knows that there are people with innovative ideas and creativity. It’s a simple method to steal via Trojans.
Crash someone’s computer in effect putting him or her out of commission.
I think it would be prudent, in formatting a hard drive by using an unused internal hard drive and an external hard drive. rather than using a preformatted hard drive.
Oops, I mean, an internal hard drive and a hard drive enclosure, firewire, e-sata or USB. doesn’t matter which one. I would go for 500GB or 750GB, to store or back up your data.
Whenever I buy a new drive I ALWAYS, ALWAYS format it first.
this isn’t only happening in china. Other portable drives are doing the same thing. I found this website that lists infected drives. Like ftr said ALWAYS FORMAT FIRST!!, but either way check this list of infected usb’s and external hardrives.
http://www.quazen.com/Science/Biology/The-Genetic-Code.53412
These are auto-run scripts embedded into a partition of the hard drive. Unless you disable any auto-runs from your USB terminals every time you connect one, it will have stored and sent the information even before you can right-click and manage your computer.
@ost, that Quazen blog has nothing to do with this topic.
This story is a false.
It is a lie.
And it is a poorly constructed lie.
There is no information to corroborate with the statements made in this story. Let me break it down to you:
1. “On Saturday, Seagate Technology LLC, the manufacturer of the Maxtor portable hard drive, said on its Web site (www.seagate.com) that Maxtor Basics Personal Storage 3200 hard drives sold after August could be infected with the virus.”
a. Why didn’t you link to the statement? You seem to have just linked to the site. Someone honestly trying to pass along information usually just makes a direct citation to the site.
b. To answer my own question, I’ll tell you why: The statement doesn’t exist. This piece was published on the 12th of Nov. – the “statement” happened “this Saturday” (what tech company makes statements on a Saturday. seriously, man. you think they’d do that at an expo?). “Saturday” makes this Nov. 10.
i. Let’s take a look at the site together. ( http://seagate.com/www/en-us/about/news_room/press_releases/ )
ii. Oh, there doesn’t appear to have been a press release on the 10th. Reading through the ones around the date, nay; In the Entire Month Of November – provides no evidence to support this, either.
c. Nice effort, though.
2. “Anti-virus software manufacturer Kaspersky Labs also issued a similar warning. The hard drive has been temporarily pulled off the shelves and is no longer available for purchase…”
a. Way to provide a link to that “similar warning”. I’ve got an idea, let’s search Kaspersky’s site.
i. Oh hey. Not a single thing.
3. Maybe it can be supported somewhere else (or, “Hello, Lin Ching-lin.”)
a. Hey. I wonder if we can pull up any other information about this problem. Let’s look at Google. Hey, look’it. All the blog posts in reference to it link back to Lin Ching-lin. It appears that only he is aware of this problem.
b. Care to provide a little more proficient skill in citing your sources Lin Ching-lin?
c. Put his name into Google News. Hey, it’s all the stories picked up. Check out the blog trackers. You’ll see that this is a pretty strained story… all linking back to one poorly cited story that, when the sources were checked for the content – were bereft.
4. This took all of 2 minutes to check. Maybe it’s the mouse gestures, maybe it’s middle-click-for-new-tab – but something that may have an effect on your data should be important enough to check out. Especially with implications this epic.
a. Would some upstanding technical outfit please hire a well-worded culture fiend that researches like that? Yes, there is such a thing as that level of depravity.
5. With apologies to Lin Ching-lin.
2 AphexMandelbrot
Thanks for you! Very interesting information
Retracted – seagate.com
Found it. I’m just saying, could you cite where you’re getting this from in the future?
Ok.
Source: seagate.com